Local vs. global disable/delete
FOS distinguishes between local and global disable/delete operations for FTC-enabled FGT users.
While a local delete operation removes the user from an FGT VDOM without affecting the user in FTC, a global delete operation removes the user in both FGT and FTC.
When you disable an FTC-enabled user locally in an FGT VDOM, the user remains unchanged in FTC; when you disable an FTC-enabled user globally in FGT, you remove the user from FTC.
The table below highlights the differences between local and global disable/delete operations.
FortiGate Operation |
Disable |
Enable |
Delete Locally |
Delete Global |
---|---|---|---|---|
User in FortiGate |
Enabled->Disabled |
Disabled->Enabled |
Deleted |
Deleted |
User in FTC |
Unchanged |
Unchanged |
Unchanged |
Deleted |
|
Since a local delete-user operation in FGT removes a user only from a specific FGT VDOM but leaves it intact in FTC, FOS warns the VDOM admin that the local delete operation does not remove the user in FTC and, therefore, usage will still be counted as long as the user remains in FTC. |